Creating Private Key and Certificate Signing Request (CSR)

After you have created a hierarchy for your own Certificate Authority (CA), you can use the same CA.sh script to create the private key and certificate signing request.

Procedure

  1. Open a command prompt window.
  2. Navigate to the directory.
  3. Enter the following command (with the -newreq parameter) to create a new certificate request (CSR): 
       CA.sh -newreq
  4. Verify that the output of this command contains both the private key and the certificate signing request. The private key is written to the file newkey.pem and the certificate request is written to the file newreq.pem.
  5. Enter the following command (with the -sign parameter) to have the certificate signing certificate request being signed by the CA: 
       CA.sh -sign
    Note: The script expects the certificate request to be in the file newreq.pem. The new certificate is written to the file newcert.pem.